This bug can be fixed by smartening up guess_bugtask() which is used to get the bugtask when it was not explicitly stated. guess_bugtask() does not use proper zope security checks; anyone working in this function could update it so that drivers, bug supervisors, and security contacts can perform the same updates that they can use API or UI.
This bug can be fixed by smartening up guess_bugtask() which is used to get the bugtask when it was not explicitly stated. guess_bugtask() does not use proper zope security checks; anyone working in this function could update it so that drivers, bug supervisors, and security contacts can perform the same updates that they can use API or UI.